Description

OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent attack vectors.

Remediation

References

CVE-2009-3245

Related Vulnerabilities

Ruby Cryptographic Issues Vulnerability (CVE-2013-4073)

phpList Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-2916)

PostgreSQL Permissions, Privileges, and Access Controls Vulnerability (CVE-2007-2138)

Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-9714)

WordPress Plugin rtMedia for WordPress, BuddyPress and bbPress Cross-Site Scripting (3.7.38)

Severity

Critical

Classification

CVE-2009-3245 CWE-20

Tags

Missing Update Known Vulnerabilities